Total
3376 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-3815 | 1 Stalker | 1 Communigate Pro | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| The "XML Interface to Messaging, Scheduling, and Signaling" (XIMSS) protocol implementation in CommuniGate Pro (CGP) 6.2 suffers from a Missing XIMSS Protocol Validation attack that leads to an email spoofing attack, allowing a malicious authenticated attacker to send a message from any source email address. The attack uses an HTTP POST request to a /Session URI, and interchanges the XML From and To elements. | |||||
| CVE-2018-3810 | 1 Oturia | 1 Smart Google Code Inserter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Authentication Bypass vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to insert arbitrary JavaScript or HTML code (via the sgcgoogleanalytic parameter) that runs on all pages served by WordPress. The saveGoogleCode() function in smartgooglecode.php does not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update the inserted code. | |||||
| CVE-2018-3775 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| Improper Authentication in Nextcloud Server prior to version 12.0.3 would allow an attacker that obtained user credentials to bypass the 2 Factor Authentication. | |||||
| CVE-2018-3761 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised. | |||||
| CVE-2018-3696 | 1 Intel | 1 Raid Web Console 3 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Authentication bypass in the Intel RAID Web Console 3 for Windows before 4.186 may allow an unprivileged user to potentially gain administrative privileges via local access. | |||||
| CVE-2018-3601 | 1 Trendmicro | 1 Control Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A password hash usage authentication bypass vulnerability in Trend Micro Control Manager 6.0 could allow a remote attacker to bypass authentication on vulnerable installations. | |||||
| CVE-2018-2483 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| HTTP Verb Tampering is possible in SAP BusinessObjects Business Intelligence Platform, versions 4.1 and 4.2, Central Management Console (CMC) by changing request method. | |||||
| CVE-2018-2449 | 1 Sap | 1 Supplier Relationship Management Mdm Catalog | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality that you can use on windows machines to do SMB relaying. | |||||
| CVE-2018-25043 | 1 Bittorrent | 1 Utorrent | 2024-11-21 | 6.8 MEDIUM | 5.0 MEDIUM |
| A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2018-25030 | 1 Mirmay | 2 File Manager, Secure Private Browser | 2024-11-21 | 1.9 LOW | 3.3 LOW |
| A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and File Manager up to 2.5. Affected is the Auto Lock. A race condition leads to a local authentication bypass. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-21263 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response. | |||||
| CVE-2018-21246 | 1 Caddyserver | 1 Caddy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode. | |||||
| CVE-2018-21235 | 1 Foxitsoftware | 1 E-mail Advertising System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Foxit E-mail advertising system before September 2018. It allows authentication bypass and information disclosure, related to Interspire Email Marketer. | |||||
| CVE-2018-21128 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2018-21125 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR WAC510 devices before 5.0.0.17 are affected by authentication bypass. | |||||
| CVE-2018-21121 | 1 Netgear | 6 Gs810emx, Gs810emx Firmware, Xs512em and 3 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by authentication bypass. This affects GS810EMX before 1.0.0.5, XS512EM before 1.0.0.6, and XS724EM before 1.0.0.6. | |||||
| CVE-2018-21118 | 1 Netgear | 2 Xr500, Xr500 Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| NETGEAR XR500 devices before 2.3.2.32 are affected by authentication bypass. | |||||
| CVE-2018-21062 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018). | |||||
| CVE-2018-21038 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) software. The Secure Folder app's startup logic allows authentication bypass. The Samsung ID is SVE-2018-11628 (December 2018). | |||||
| CVE-2018-20954 | 1 Mailpile | 1 Mailpile | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys. | |||||